fix(deps): vuln black (major → 26.3.1) [datadog_checks_dev]

[gh-worker-campaigns-3e9aa4]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• datadog_checks_dev (pep621)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
black	23.12.1	26.3.1	major	Direct	2 HIGH, 3 MODERATE

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (2 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
black	GHSA-3936-cmfr-pm3m	HIGH	Black: Arbitrary file writes from unsanitized user input in cache file name	23.12.1	26.3.1
black	CVE-2026-32274	HIGH	Black: Arbitrary file writes from unsanitized user input in cache file name	23.12.1	-

ℹ️ Other Vulnerabilities (3)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
black	GHSA-fj7x-q9j7-g6q6	MODERATE	Black vulnerable to Regular Expression Denial of Service (ReDoS)	23.12.1	24.3.0
black	CVE-2024-21503	MODERATE	-	23.12.1	-
black	PYSEC-2024-48	MODERATE	-	23.12.1	f00093672628d212b8965a8993cee8bedf5fe9b8

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

[campaigner-prod]

Release Notes

black (23.12.1 → 26.3.1) — GitHub Release

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using
  exact-length placeholders for short magics and aborting if a placeholder can no longer
  be unmasked safely (Fix some shenanigans with the cache file and IPython psf/black#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom
  magic names cannot affect cache paths (Fix some shenanigans with the cache file and IPython psf/black#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting
  and request body limits, and bound executor submissions to improve backpressure
  (Harden blackd browser-facing request handling psf/black#5039)

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (Don't double-decode input, causing non-UTF-8 files to be corrupted psf/black#4964)
• Fix crash on standalone comment in lambda default arguments (Fix crash on standalone comment in lambda default arguments psf/black#4993)
• Preserve parentheses when # type: ignore comments would be merged with other
  comments on the same line, preventing AST equivalence failures (Fix: Preserve parentheses when merging # type: ignore with other comments to prevent AST errors  psf/black#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had
  a trailing comma (Fix #4653 If guard explosion in case statement psf/black#4884)
• Fix string_processing crashing on unassigned long string literals with trailing
  commas (one-item tuples) (Fix string_processing error with unassigned long string literal with trailing comma psf/black#4929)
• Simplify implementation of the power operator "hugging" logic (Simplify power operator hugging implementation psf/black#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in
  frozen environments (Fix PyInstaller shutdown errors on macOS psf/black#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (add winloop support and remove deprecated functionality from uvloop psf/black#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop()
  (add winloop support and remove deprecated functionality from uvloop psf/black#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop
  installation and creation of either a uvloop/winloop evenloop or default eventloop
  (add winloop support and remove deprecated functionality from uvloop psf/black#4996)

Output

• Emit a clear warning when the target Python version is newer than the running Python
  version, since AST safety checks cannot parse newer syntax. Also replace the
  misleading "INTERNAL ERROR" message with an actionable error explaining the version
  mismatch (Warn when target version exceeds runtime Python version psf/black#4983)

Blackd

• Introduce winloop to be used when windows in use which enables blackd to run faster on
  windows when winloop is installed. (add winloop support and remove deprecated functionality from uvloop psf/black#4996)

Integrations

• Remove unused gallery script (Remove gallery/ psf/black#5030)
• Harden parsing of black requirements in the GitHub Action when use_pyproject is
  enabled so that only version specifiers are accepted and direct references such as
  black @ https://... are rejected. Users should upgrade to the latest version of the
  action as soon as possible. This update is received automatically w

(truncated)

26.1.0

Highlights

Introduces the 2026 stable style (psf/black#4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import
  statements, except when the line after the import is a comment or an import statement
  (Two blank lines after an import should be reduced to one psf/black#4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations,
  such as def foo(): return "mock" # fmt: skip, where previously the declaration would
  have been incorrectly collapsed (fix_fmt_skip_in_one_liners psf/black#4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal
  strings if preceded by comments (Fix bug where module docstrings would be treated as normal strings if preceded by comments psf/black#4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (fix(3.12_generics_syntax): Fixed formatting of 3.12 generics syntax psf/black#4777)
• multiline_string_handling: Make expressions involving multiline strings more compact
  (Improve multiline string handling psf/black#1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to
  normalize file newlines both from and to (Add normalizing for \r style newlines psf/black#4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception
  types in except and except* without as (Remove parentheses around multiple exception types in except and except* without as.  psf/black#4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand
  side of assignments while preserving magic trailing commas and intentional multiline
  formatting (Remove unnecessary parentheses from L.H.S of assignment statements psf/black#4865)
• standardize_type_comments: Format type comments which have zero or more spaces
  between # and type: or between type: and value to # type: (value) (Standardize type comments to form # type: (value) (#2097) psf/black#4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (Regenerate _width_table.py & add tests for the Khmer language psf/black#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's
.gitignore logic (psf/black#4958). Now, files will be ignored if a pattern matches them, even
if the parent directory is directly unignored. For example, Black would previously
format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain

(truncated)

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in
the January release (26.1.0). Most of the changes in --preview will be in the 2026
stable style, but not all.
Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

• Black no longer supports running with Python 3.9 (Drop support for EOL Python 3.9 psf/black#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly
  removed, particularly affecting Jupytext's # %% [markdown] comments (Fix comments being removed before fmt:off/on blocks psf/black#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on
  string literals, or on dictionary entries with long lines (Fix crash when multiple # fmt: skip comments are used in multi-part if-clause (#4731) psf/black#4872)
• Fix possible crash when fmt: directives aren't on the top level (Fix crashes when fmt directives are indented psf/black#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (Fix fmt: skip skipping the line after instead of the line it's on psf/black#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving
  magic trailing commas and intentional multiline formatting (Remove unnecessary parentheses from L.H.S of assignment statements psf/black#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (Fix fix_fmt_skip_in_one_liners crashing on with statements psf/black#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (Fix fix_fmt_skip_in_one_liners crashing on annotated parameters psf/black#4854)
• Fix new lines being added after imports with # fmt: skip on them (Fix new lines being added after imports with # fmt: skip on them psf/black#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (Add arm64 windows builds and tests psf/black#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a
  file for artifact capture and log cleanliness (feat: add output-file input for clean Black logging psf/black#4824)

(and 12 more releases — view all)

---

Generated by ADMS Sources: 1 GitHub Release.

[datadog-prod-us1-6]

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 2 Tests failed

test_e2e_inline_profile_def from test_e2e_core_vs_python.py     (Fix with Cursor)

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-check-apikey.sh: executing... 
[cont-init.d] 01-check-apikey.sh: exited 0.
[cont-init.d] 50-ci.sh: executing... 
[cont-init.d] 50-ci.sh: exited 0.
[cont-init.d] 50-ecs-managed.sh: executing... 
...

test_e2e_profile_apc_ups_user from test_e2e_core_vs_python.py     (Fix with Cursor)

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-check-apikey.sh: executing... 
[cont-init.d] 01-check-apikey.sh: exited 0.
[cont-init.d] 50-ci.sh: executing... 
[cont-init.d] 50-ci.sh: exited 0.
[cont-init.d] 50-ecs-managed.sh: executing... 
...

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 87.66% (+0.53%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 64debc5 | Docs | Datadog PR Page | Give us feedback!}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.04%. Comparing base (a0c604e) to head (64debc5).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gh-worker-campaigns-3e9aa4]

Auto-rebase complete

Branch is up to date with master — rebased onto a0c604e.

---

_{Auto-Rebase · Add no-auto-rebase to opt out}

[dd-octo-sts]

Validation Report

Validation	Description	Status
models	Validate configuration data models match spec.yaml	❌

Run ddev validate all changed --fix to attempt to auto-fix supported validations.

Passed validations (19)

Validation	Description	Status
agent-reqs	Verify check versions match the Agent requirements file	✅
ci	Validate CI configuration and Codecov settings	✅
codeowners	Validate every integration has a CODEOWNERS entry	✅
config	Validate default configuration files against spec.yaml	✅
dep	Verify dependency pins are consistent and Agent-compatible	✅
http	Validate integrations use the HTTP wrapper correctly	✅
imports	Validate check imports do not use deprecated modules	✅
integration-style	Validate check code style conventions	✅
jmx-metrics	Validate JMX metrics definition files and config	✅
labeler	Validate PR labeler config matches integration directories	✅
legacy-signature	Validate no integration uses the legacy Agent check signature	✅
license-headers	Validate Python files have proper license headers	✅
licenses	Validate third-party license attribution list	✅
metadata	Validate metadata.csv metric definitions	✅
openmetrics	Validate OpenMetrics integrations disable the metric limit	✅
package	Validate Python package metadata and naming	✅
readmes	Validate README files have required sections	✅
saved-views	Validate saved view JSON file structure and fields	✅
version	Validate version consistency between package and changelog	✅

View full run